Access control: Windows vs Linux

I'm reading the MIT 6.893 lectures, which say that protection in Unix is a mess with no underlying principle, and also point out that Windows has better alternatives, which can pass privileges from one process to another over IPC.

In my opinion, although it seems that Windows users are more subject to viruses and vulnerabilities, I believe it is mainly because most Windows users are less experienced computer users and the Windows platform attracts more attackers since it has more users.

I'd like to know: are there any more detailed articles or papers comparing security mechanisms and designs in Windows and Linux?

Answers


Nobody would dispute that writing buffer overflows on Windows is substantially harder than on Linux. As well, the ACL system in Windows is vastly superior to the *nix system in numerous respects (it's still possible to use setpgid() to break outside of chroot()/jail() and transfer the pseudo-root tokens to effective UID 0).

HOWEVER.

Linux, BSD, Solaris, and AIX have the virtue of having user-made patches which implement very impressive security features. I'd name the PaX/GrSEC projects, which, regardless of security shortcomings in the past few years, have set the standard for implementing Address Space Layout Randomization, likewise for StackGuard, W^X and the numerous other utilities designed to prevent heap and format string attacks from being successful. Strictly from an access point of view, there are many extensions to the admittedly outdated current system.

If process division attacks are a concern for you, not to be that Crotchety Unix Admin, but Windows has suffered far, far worse.

In short, if you're lazy, you're better off with Windows. If you're diligent, you're often better off with *nix (from a security perspective).


Here is a detailed article that gets to the heart of the matter: it doesn't matter how powerful and detailed your access control and security systems are... if it's too complicated to set them correctly, you will end up with security holes. In this case it's the complexity of the systems: the larger the 'surface', the more chance there is of a security bug.

I used to see this with our domain groups: it's too easy to give someone access to a secured resource if they are in the wrong group if you have too many groups. The Register describes this better.


I'd like to know: are there any more detailed articles or papers comparing security mechanisms and designs in Windows and Linux?

This one sounds relatively good to my novice eyes... a bit old and slightly biased, but not so much.

